jasper (SUSE:Linux Enterprise Server 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP5 package jasper, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (27)
CVE-2023-51257 — CVSS 7.8 (high): An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.
CVE-2020-27828 — CVSS 7.8 (high): There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an…
CVE-2018-19543 — CVSS 7.8 (high): An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in…
CVE-2016-9397 — CVSS 7.5 (high): The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via…
CVE-2016-9398 — CVSS 7.5 (high): The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure)…
CVE-2016-9399 — CVSS 7.5 (high): The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via…
CVE-2018-9154 — CVSS 7.5 (high): There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote…
CVE-2022-2963 — CVSS 7.5 (high): A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause…
CVE-2024-31744 — CVSS 7.5 (high): In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing…
CVE-2021-26926 — CVSS 7.1 (high): A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of…
CVE-2018-9252 — CVSS 6.5 (medium): JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
CVE-2021-26927 — CVSS 5.5 (medium): A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of…
CVE-2021-27845 — CVSS 5.5 (medium): A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c
CVE-2021-3272 — CVSS 5.5 (medium): jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between…
CVE-2021-3443 — CVSS 5.5 (medium): A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format…
CVE-2021-3467 — CVSS 5.5 (medium): A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2…
CVE-2017-5503 — CVSS 5.5 (medium): The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid…
CVE-2017-5504 — CVSS 5.5 (medium): The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid…
CVE-2017-9782 — CVSS 5.5 (medium): JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image…
CVE-2017-5505 — CVSS 5.5 (medium): The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and…
CVE-2018-18873 — CVSS 5.5 (medium): An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
CVE-2018-19139 — CVSS 5.5 (medium): An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
CVE-2017-5499 — CVSS 5.5 (medium): Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted…
CVE-2016-9557 — CVSS 5.5 (medium): Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a…